Hackers threaten to leak sensitive data stolen from Gigabyte servers

The company says that the incident affected only some of its internal servers, which were taken down and isolated

Taiwan-based computer hardware firm Gigabyte has reportedly fallen victim to a cyber attack from ransomware group RansomEXX.

In a ransom note posted on a dark web page, the group claimed that they were able to steal 112GB of data from an internal Gigabyte network as well as the American Megatrends Git Repository.

"We have downloaded 112 GB (120,971,743,713 bytes) of your files and we are ready to PUBLISH it," the hackers said in their ransom note, according to Bleeping Computer.

"Many of them are under NDA (Intel, AMD, American Megatrends)," it added.

"Leak sources: newautobom.gigabyte.intra, git.ami.com.tw and some others."

The page is reportedly hosted on a dark web portal used by RansomEXX operatives to post their extortion demands and leak data from companies that refuse to pay.

Along with their ransom note, the hackers also posted screenshots of documents from Intel, AMD and American Megatrends that are under a non-disclosure agreement.

Megatrends creates firmware for some computer manufacturers and Chromebook makers.

The cyber attack reportedly occurred on the night of 3 August, forcing the company to shut down some of its systems in Taiwan. It affected multiple websites of the company, including its support site. Some customers complained that they were unable to access support documents or receive updated information about RMAs.

In a statement to Chinese news site United Daily News, Gigabyte confirmed that some of its internal servers were affected as a result of the attack.

The company is currently investigating how the attackers were able to breach its systems and steal data from them. Local law enforcement has also been notified about the incident.

According to media reports, the RansomEXX group has become more active in recent months, hitting Ecuador's state-run Corporación Nacional de Telecomunicación (CNT) and Italy's Lazio region.

The gang has also victimised some other high-profile organisations in the past year, including the Texas Department of Transportation (TxDOT), Konica Minolta, IPG Photonics, Tyler Technologies and Brazil's government networks.

Last month, another cyber gang, which stole a wealth of data from game publishing giant Electronic Arts (EA), also dumped their haul on an underground forum, after failing to extort the firm.

The gaming firm declared the data breach on 10th June, and a spokesperson said that only a "limited amount" of data was stolen.

Hackers, however, claimed that they had stolen 780GB of data, which they were willing to sell for $28 million.

Earlier this year, cyber criminals behind the ransomware attack on the Scottish Environmental Protection Agency (SEPA) also posted online about 4,000 stolen files, after SEPA declined to pay ransom to the group.

Annoyed member of Conti ransomware gang leaks insider information on Russian-speaking hacking forum

The angry affiliate says they are underpaid for the work

A disgruntled affiliate of the Conti ransomware service has leaked inside information about the group, including multiple tools and instruction manuals allegedly used by operatives to conduct ransomware attacks.

The details were leaked on a popular Russian-speaking hacking forum after Conti's operatives denied the hacker their expected share of ransomware revenues.

The angry affiliate said in the post that they received only $1,500 for the work, while recruiters divided the money among themselves.

The Conti ransomware group offers ransomware-as-a-service (RaaS), providing back-end infrastructure such as command servers and malware, which are then used by affiliates to launch actual cyber attacks against potential targets.

In April, Conti operatives targeted the Irish Health Service (HSE) network in a major ransomware attack. After the HSE refused to pay the ransom to the group, the hackers started posting patients' medical and personal details online. The FBI said in May that the Conti operatives had targeted at least 16 healthcare and first response organisations in the US over the past 12 months.

The group's affiliates usually keep 70 to 80 per cent of a ransom payment, while Conti keeps the remainder.

Last week, an anonymous source shared with Bleeping Computer details of a hacking forum post that was created by a disgruntled Conti affiliate and which contained information about the ransomware operation.

This information included a 113 MB archive containing numerous tools and training material for conducting ransomware attacks and the IP addresses for Cobalt Strike C2 servers.

"I merge you their ip-address of cobalt servers and type of training materials. 1500 $ yes, of course, they recruit suckers and divide the money among themselves, and the boys are fed with what they will let them know when the victim pays," the affiliate stated in the post.

One instruction manual, written in Russian, instructs members how they can identify and hack victims using Cobalt Strike. It tells affiliates to use Google to search for the revenue of the potential target and then find employee accounts with admin privileges.

The guide then explains how that information can be used to deploy ransomware to encrypt the entire network of the company.

In a subsequent post on the forum, the hacker shared another archive containing 111 MB of files.

Advanced Intel's Vitali Kremez, who analysed the archive, told Bleeping Computer that the playbook "matches the active cases for Conti as we see right now".

Another security researcher, who goes by @Pancak3 on Twitter, advised people to block some IP addresses used in attacks from the Conti group.

The leak of Conti tools and training material has come amid a recent spate of ransomware attacks against American entities.

In May, US fuel distributor Colonial Pipeline suffered a massive ransomware attack that crippled fuel delivery in southeastern US states.

In June, Brazil-based JBS, the world's largest meat-packer by sales, paid $11 million in ransom after a massive attack targeting its computer systems in the US and Australia. Florida-based IT firm Kaseya also suffered a ransomware attack on 2nd July, suspected to be the work of the Russia-based REvil.

Following the Kaseya attack, White House press secretary Jen Psaki said that President Biden was considering all options for how to respond to ransomware attacks targeting US organisations.

Last month, the US State Department announced a reward of up to $10 million for information that could help identify or locate cyber actors that are working at the direction of a foreign government and targeting critical infrastructure in the US.

Digitise or die: balancing safety and innovation in mission-critical software development

Many older medical devices simply need new software to smooth the rough edges and improve connectivity

While developers have always been under pressure to create and deploy increasingly rapidly, the accelerated digital transformation brought about by the pandemic has made speed of delivery even more important, and opened the industry's eyes to the need for efficiency going forward.

For developers working on life-saving medical devices, in particular, fast delivery and a quick time to market is essential.

However, in the medical space, developers don't just have time pressures. They also have to navigate a labyrinth of complex regulatory requirements, with no margin for error.

Life-saving tech

The medical device sector is integral to modern healthcare. In the last decade, it has undergone significant growth in innovative technologies that have dramatically improved services, reduced patient recovery time, and lowered cost of treatments.

Spurred by the rapid evolution of the Internet of Things (IoT), hospitals and doctors' surgeries have been quietly upgrading and connecting devices. The Internet of Medical Things (IoMT), a sub-sector of the IoT, was growing organically, and healthcare looked set to gradually join the ranks of industries undergoing digital transformation. Then, the pandemic struck.

The outbreak of Covid-19 further exposed a lot of medical devices as archaic, poorly designed and in desperate need of an upgrade.

During the pandemic, hospital machinery such as ventilators simply were not fit for purpose when deployed to makeshift treatment facilities. Hospitals stopped admitting non-Covid patients, appointments were conducted virtually, and doctors started monitoring symptoms remotely. Suddenly, connected devices went from being a convenient luxury to an essential cog in the healthcare machine.

The shortcomings of medical devices exposed by the pandemic have accelerated the growth of the IoMT, opening the industry's eyes to the need to create new technologies with more intuitive user experiences (UX) and user interfaces (UI), and better connectivity.

Unfortunately, the process of introducing a new medical device to market can be long-winded as any new products are subject to the rigours of in-country certification and market clearance processes.

These devices, such as the latest iterations of pacemakers, insulin pumps and blood pressure monitors, will eventually come into contact with patients, sensitive information and, in severe cases, life-and-death situations.

As a result, there are regulations and processes to ensure these technologies reach consumers only after passing a demanding battery of clinical trials.

The pandemic and the continued need for new, more intuitive technologies have created more challenges than ever for medical device developers, bringing issues such as cybersecurity and data integrity to the forefront. So, what is the role of developers in helping to revolutionise the medical devices industry?

Putting the dev in devices

When it comes to industry regulation, developers need educating. However, responsibility for and familiarity with various guidelines and specifications in the world's second-most regulated industry is, in the mind of most developers, outside of their remit.

For truly seamless design and manufacturing of new medical devices, an understanding of the regulations would be hugely beneficial. Unfortunately, time-tight developers are unlikely to attain such comprehension given the regulations' complexity, and it's unreasonable to expect them to do so.

Instead, developers should focus their efforts on producing software for existing devices that provides users with a UX and UI akin to those that they have come to expect from modern consumer products such as smartphones and tablets.

Just as consumers now expect new devices to run with Apple-like efficiency, the healthcare industry and its patients should expect modern medical devices to be equally intuitive.

Many existing devices have been in circulation for years and some are verging on obsolete. If the benchmark for device UX and UI is the latest software used in Apple or Android smartphones, a number of critical medical devices are operating on something closer to Windows 95.

This is where developers can play a major part in modernising the industry. These old devices are still saving lives every day, and many of the ventilators that kept Covid patients alive during the pandemic are outdated; but they simply require new software that can smooth some of the rougher edges. Connectivity, for example, is something that developers can write into code for existing models so that when new devices are manufactured with touch screens and all the trimmings, they can be linked to hospital infrastructure, connect life-saving data, monitor symptoms and make diagnoses from remote locations.

A new era for medical devices and pandemic proof healthcare

The pandemic has shone a light on what has been understood in the medical devices industry for decades. What has been reconfirmed is that a significant challenge to navigate is the high degree of regulation, guidelines and specifications that govern the manufacturing of new, life-saving products.

The approval and certification of new devices can be a huge bottleneck in a device company's go-to-market planning. It is evident that more can be done through the product development and design process to streamline and increase the efficiency of the regulatory approval and certification process to help shorten a medical device's time to market.

Such is the urgency to digitally transform, developers are often subjected to unreasonable and highly pressurised demands to expedite product time to market. In an industry as regulated as healthcare, these expectations can be overwhelming.

The focus for developers should be on creating software with the capacity to deliver smartphone-like UX and UI for users and patients. In doing so, developers can play a critical role in helping to revolutionise the medical devices industry.

Roger Mazzella is senior product manager at The Qt Company

The Big Picture: what were tech’s important stories in July?

A massive supply chain attack rocked Kaseya, and Microsoft announced a new route to virtualisation

It's all about Microsoft this month, with a celebratory earnings release, a wildly popular new product...and the loss of a $10 billion deal. Welcome to this month's Big Picture.

In this series, Delta Site Editor Tom Allen looks back at the technology industry's most important stories in the last month, through five different lenses.

The month began with a supply chain attack on IT services provider Kaseya, with a worldwide fallout including the closure of petrol stations, grocery stores and broadcasters. Days later, news broke about Israeli firm NSO Group's Pegasus product being used to spy on journalists, activists and even the President of France.

The spyware scare made many fear for their digital safety, and Microsoft hopes its new Windows 365 product will set minds at rest; it's certainly got off to a strong start. It wasn't all roses for Microsoft though, as it lost a massive contract with the Department of Defense.

We're also looking at the continued rise of green tech solutions, and shortages in both the chip and labour markets. All this, and more, in this month's Big Picture.

Vodafone to reintroduce European roaming charges for UK customers

People travelling to the Republic of Ireland will not pay any extra charges

Vodafone has announced that it will reintroduce roaming charges for UK mobile customers who travel in mainland Europe from January next year.

The fees will apply to new customers and those who change their contract from 11 August 2021, and will begin applying from 6 January 2022.

"If you're on a Pay monthly plan that started before 11 August 2021, there will be no change to your plan, or to the way you roam, while you stay on that plan," the company says on its website.

"This European roaming charge won't apply to Xtra Airtime Plans with 4 Xtra benefits."

Moreover, the company is "not making any changes to VOXI, Pay as you go plans, Talkmobile or Vodafone Basics at this time.

"If your plan doesn't include roaming in Europe, there will be a daily charge for using your phone in our European roaming zones," it added.

Affected customers will have the option to either pay £2 a day to use their monthly allowance of calls, data, and text messages in Europe, or pay £1 if they buy access in an eight- or 15-day bundle.

People travelling to the Republic of Ireland will not have to pay any extra charges regardless of their contract.

The move makes Vodafone the second mobile carrier in the UK - after EE - to reintroduce European roaming fees following Brexit.

Since June 2017, British travellers had been able to escape roaming fees in the EU thanks to a ban on roaming charges.

But after Brexit, the UK had to negotiate a new trade deal with the bloc, which did not include free mobile roaming in the region, allowing UK mobile carriers to reintroduce charges if they wished.

In July last year, the UK government launched a £93m "check and change" advertising splurge to prepare British people for changes to foreign travel after the Brexit deadline ends. It urged people to check whether their network carriers were planning to introduce roaming charges for Europe.

While all major carriers had previously said that they had no plans to introduce roaming charges, EE - which is owned by BT - became the first carrier in the UK to break the promise.

The company announced in June that its customers will have to pay £2 a day in 47 European destinations, starting from January 2022. The firm argued that introducing the fee would "support investment into our UK based customer service and leading UK network".

O2 has said that it will introduce an extra "fair use" charge for customers who use more than 25GB of data in a month when in an EU country.

Three has also reduced its "fair use" data limit from to 12GB a month when in Europe. Customers who cross the limit are required to pay £3 per extra gigabyte of data.